> So u are suggesting 1024/2048 bits size/length for A to seed the PRNG and
> then after that the output stream O could be drawn to provide the
> bits for
> RSA 1024/2048 bits modulo key materials generation?
That is incorrect.
> A few of us are inclined towards this, but a few of my pals seem to think
> weirdly. They feel that 64/128 or even 192 bits would have
> sufficed. Their
> argument is that the symmetric and asymmetric crypto "strength"
> would means
> that such length/size of A would match up. A few years back, Schneier
> commented in a paper on the comparison of crypto "strength" between
> symmetric and asymmetric key sizes (something like 80bits symm key is
> equivalent to 1024bits asymm RSA key). But I really disagree that the
> crypto strength has anythin to do with RNG. What does everyone think?
Here's the quick proof that fewer than 1,024 bits are needed to seed a PRNG
that's going to produce a 1,024 bit RSA key: If you needed 1,024 bits to
seed the PRNG, that would mean there would have to be 2^1,024 possible 1,024
bit RSA keys, or, to put it another way, all possible bit combinations of a
given length would have to be legal RSA keys. They are not.
The PRNG simply has to be strong enough to not be the weakest link.
DS
Received on Apr 26 2004
Intro
